c880b599e386ed9c658e6f7ffd057b5a3d154cb7742f6fc12db5ae2c81fa5d2a

Analysis

max time kernel
150s
max time network
133s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
01-12-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
Size

130KB
MD5

abae89fadf4fd232876ce116cb46dba9
SHA1

c677d0eb539ae98c7332f0e545028d5d3588f2fd
SHA256

e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf
SHA512

a351e5811e8bd8fdd3c0def85f4a0731ecd15a0a8490cacee46537e708759fa70248e6b2969fc9faf44eec072c65a9693d16a6f49add68f9a1d18986b336ad0a
SSDEEP

3072:AHZ+X3AoExFOV48wlPhPoRDaPuUcJ6OI9Lfwibd:AHZAADAV48MPhPOs9zwih

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	663	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/649/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/753/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/672/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/725/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/727/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/734/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/18/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/26/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/339/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/705/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/770/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/19/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/280/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/678/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/692/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/729/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/757/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/1/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/274/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/664/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/668/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/720/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/728/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/769/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/771/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/23/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/27/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/660/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/779/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/784/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/702/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/755/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/768/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/778/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/25/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/464/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/666/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/684/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/700/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/736/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/758/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/767/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/12/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/662/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/671/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/138/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/699/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/715/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/782/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/10/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/16/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/43/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/766/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/792/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/75/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/698/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/703/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/14/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/304/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/746/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/732/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/745/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/786/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
File opened for reading	/proc/276/cmdline	e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf

/tmp/e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
/tmp/e36fecdff87334f7ac5122c8fb91c81b66b21685a831b57f42728cb88bfd93cf.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:663

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads